Background
The setting for the 2012 VAST Challenges is BankWorld, a planet much like Earth, but with a very different geography. In fact, for this Challenge, we are dealing with one large land mass containing several different nation-states. (See the picture…)
The most important organization on BankWorld is the Bank of Money (BOM). BOM has many offices of various sizes across BankWorld. Each of these offices has many computers active throughout the day. In fact, we are dealing with about 1,000,000 machines.
The Mini-Challenges ask you to address two general problems using a visual analytics approach. First, how do you achieve cyber situation awareness across the entire enterprise with such a large number of systems? Second, when something does go awry, can you identify it and the steps needed to resolve the problem?
Mini-Challenge 1: Bank of Money Enterprise: Cyber Situation Awareness
The Bank of Money (BOM) Corporate Information Officer (CIO) has assigned you to create a situation awareness visualization of the entire enterprise. This is a considerable challenge, considering that BOM operates from BankWorld's coast to coast. In addition to observing the global situation, he would also like to be able to detect operational changes outside of the norm.
You are provided with two datasets that span two days of data for BOM.
- One dataset contains metadata about the bank’s network.
- The second dataset contains periodic status reports from all computing equipment in the BOM enterprise.
There is also one additional, smaller dataset that contains a one-hour snapshot of the enterprise's activities. It has the same format as the second dataset mentioned above, and can use the metadata contained in the first dataset.
Additional information about the enterprise and data is contained in the Mini Challenge 1 Information Package (See the Downloads section).
MC 1.1 Create a visualization of the health and policy status of the entire Bank of Money enterprise as of 2 pm BMT (BankWorld Mean Time) on February 2. What areas of concern do you observe? (Short Answer)
MC 1.2 Use your visualization tools to look at how the network’s status changes over time. Highlight up to five potential anomalies in the network and provide a visualization of each. When did each anomaly begin and end? What might be an explanation of each anomaly? (Detailed Answer)
Download the data for Mini-Challenge 1 on the VAST Challenge 2012: Submission Instructions and Downloads page.
Mini-Challenge 2: Bank of Money Regional Office Network Operations Forensics
During a time period that is NOT overlapping with MC 1, a Region within the Bank of Money is experiencing operational difficulties. This becomes a challenge for the operations staff, particularly as they attempt to deploy their limited number of skilled administrators to address issues occurring in the enterprise.
You will be provided with Firewall and IDS logs from one of the BOM networks of approximately 5000 machines. These are very similar to the Firewall and IDS logs you worked on during the VAST 2011 MC 2, and so the tools you used there will come in handy for this mini-challenge (and reuse is encouraged). You will also be provided with a description of the network to guide your investigation.
MC 2.1 Using your visual analytics tools, can you identify what noteworthy events took place for the time period covered in the firewall and IDS logs? Provide screen shots of your visual analytics tools that highlight the five most noteworthy events of security concern, along with explanations of each event.
MC 2.2 What security trend is apparent in the firewall and IDS logs over the course of the two days included here? Illustrate the identified trend with an informative and innovative visualization.
MC 2.3 What do you suspect is (are) the root cause(s) of the events identified in MC 2.1? Understanding that you cannot shut down the corporate network or disconnect it from the internet, what actions should the network administrators take to mitigate the root cause problem(s)?
Download the data for Mini-Challenge 2 on the VAST Challenge 2012: Submission Instructions and Downloads page.